DETAILED ACTION

This action is responsive to communications: application, filed 9/30/2003; amendment 
filed 8/15/2008. 

2. Claims 1-20, 22-24 are pending in the case. Claims 21 and 25-34 are cancelled 
by the applicant. 

Response to Arguments 

3. Applicant's argument is moot in view of the new grounds of rejection outlined 
below: 

Claim Objections 

4. Claim 1 is objected to because of the following informalities: At the end of the 
claim, the word "use" is misspelled as "us". Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1, 2, 17, 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Xiong (US Patent No. 7,096,490, filed March 20, 2002) in view of Gabber (US 
Patent No. 5,961,593, dated October 5, 1999), and further in view of Selvarajan (US 
Patent Application Publication No. 2002/0032649, filed April 11, 2001), and further in 
view of Rowland (US patent No. 6,405,318, filed March, 1999). 

6.1. As per claim 1, Xiong is directed to a method comprising: authenticating identity 
information associated with a request received from a requestor for accessing a 
service, wherein the request is sent from the requestor to the service and intercepted 
for processing (Xiong col. 5 line 23 to col. 6 line 27, teaches a request for 
authentication from the client to the ISP intercepted by an auto-configuration device 10. 
Device 10 negotiates the authentication protocol and user identity and password to be 
used for authentication that is supported by both the client and the ISP); generating 
temporarily assigned identity information for the requestor (Xiong teaches presenting 
encrypted user ID and password in place of the unencrypted user ID and password for 
authentication. However, Xiong does not explicitly teach generation of a temporary 
assigned identity for the requestor. Gabber teaches generation of an alias or substitute 
identifier (temporary assigned identity) to replace the user ID (Gabber col. 11 lines 15- 
37, and abstract)); updating a protected identity directory with the temporarily assigned 
identity information (Gabber col. 11 line 37-53 shows that the substitute id (temporary 
id) is computed based on the stored data (ID, secret domain-name), which is 
equivalent of a directory. Note that Gabber col. 12 line 8-18 teaches that keeping a 
directory to translate user data to substitute data is part of prior art); and directly 
transmitting the request and the temporarily assigned identity information to the service 
on behalf of the requester (Gabber col. 11 line 36-66), wherein the service accesses 
the protected identity directory with the temporarily assigned identity information to 
authenticate the requestor for access (Gabber col. 11 lines 37-53 shows the server 
requests authentication data from proxy site 110a (which provides the temporary 
assigned identity information) and receives the authentication data from the proxy), and 
wherein the temporarily assigned identity information syntax and semantic format 
recognized and expected by the service for authentication access to the service 
(Gabber's substitute ID is used to authenticate the user to the service, therefore, 
matched the syntax and semantic format of the service. Also, Xiong col. 5 line 23 to 
col. 6 line 27 shows that the auto-configuration device adjusts the protocol such that 
both the client and the ISP (service) support the authentication protocol). 

Gabber and Xiong are analogous art as they are both directed to facilitating 
authentication between a client and a server. At the time of invention, it would have 
been obvious to the one skilled in art to enhance Xiong's system of auto-configuring 
the authentication protocol, by adding a temporary user ID to protect the identity of the 
user. The motivation to do so would have been to protect the identity of the user and 
eliminating unwanted communication as suggested by Gabber col. 1 line 20 to col. 2 
line 11. 

Xiong in view of Gabber does not explicitly teach the temporary assigned identity 
information is unique to the request and expires when the request expires or when the 
requestor logs out or terminates a communication session associated with the service. 
Gabber does teach that the temporary identity for all requests to each distinct service 
provider is unique (see col. 6 line 59 to col. 7 line 17), but does not generate a unique 
ID for each and every request. Gabber also teaches keeping track of sessions between 
the user and service provider (see col. 14 lines 26-47), but does not teach expiring the 
temporary identity at the end of each session. 

Selvarajan teaches a system to generate a high secure single usage e-currency-ID (see 
Abstract) for performing Internet based transactions using a credit card. Selvarajan 
teaches generation of unique ID (per use), including a preset time-out, which expires 
after a predetermined time (see parag. 19). 

At the time of invention, it would have been obvious to the one skilled in art to modify 
Xiong in view of Gabber, by enhancing Gabber's system of ID generation to generate 
IDs unique to each request (per use), and expiring after a time-out period, as taught by 
system of Selvarajan. Note that Gabber teaches use of credit card for payments, while 
concealing the user credit card information, if an intermediate system, such as the 
service provider (AMERICA ONLINE) can provide its own credit card info (see Gabber 
col. 12 line 57, to col. 13 line 5). Therefore enhancing Gabber systems to accommodate 
secured credit card transactions is readily suggested by Gabber. Note that Selvarajan's 
system provides secure credit card payments by generating a unique temporary ID. 

The motivation to combine said teachings of Selvarajan with Xiong in view of Gabber 
would be increasing security such that more critical transactions, such as credit card 
payment could be accommodated. 

Xiong in view of Gabber and Selvarajan does not explicitly teach the service detecting 
and denying multiple login events that use the temporary assigned identity information. 

Rowland is directed to an intrusion detection system that monitors activities and detects 
and mitigates suspect activity (see abstract). Rowland column 5 lines 10-20 teaches 
that when the multiple login activities using the same identity is detected, it is a sign of 
suspect activity and access is denied. 

Rowland and Xiong in view of Gabber and Selvarajan are analogous art as they are 
directed to information security systems and access control enforcement. At the time of 
invention, it would have been obvious to the one skilled in art to combine the teachings 
of Rowland, and particularly the intrusion detection mechanism that detects and 
disables multiple logins using the same credentials, with the system of Xiong in view of 
Gabber and Selvarajan. The motivation to do so would have been to further secure the 
system by mitigating intrusion attempts. 

6.2. As per claim 2, Xiong in view of Gabber, Selvarajan and Rowland is directed to the 
method of claim 1 further comprising: generating a mapping between the identity 
information and the temporarily assigned identity information; and storing the mapping 
in a local identity mapping store (Gabber col. 12 lines 7-17 teaches that storing the 
mapping data is in the prior art. Fig. 5 and associated text shows an alternative 
embodiment, including a local proxy server, which provides mapping data locally. Also 
see col. 7 lines 25 to 40, teaching storage of identity information in a database or alias 
table). 

7. Claims 3-16, 19, 20, 22-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Xiong (US Patent No. 7,096,490, filed March 20, 2002) in view of 
Gabber (US Patent No. 5,961,593, dated October 5, 1999), and further in view of 
Selvarajan (US Patent Application Publication No. 2002/032649, filed April 11, 2001), 
and further in view of Rowland and further in view of Gupta (US Patent No. 6,868,448, 
filed March 12, 1999). 

7.1. As per claim 3, Xiong in view of Gabber, and further in view of Selvarajan is 
directed to the method of claim 2 further comprising, synchronizing the local identity 
mapping store and the mapping with one or more additional local identity mapping stores 
(Gabber teaches storing the identity information in local or central directories. 
Synchronizing the local identity mapping store and the mapping with one or more 
additional local identity mapping stores was a well known attribute of distributed directory 
services systems at the time of invention. However, Gabber does not explicitly discuss 
the mentioned attribute. 

Gupta teaches a Directory Service (col. 16 line 42 to col. 17 line 14), which replicates 
data (entries) in several directory services distributed in different geographical areas. 
Gupta also teaches local application servers, which perform authentication and store 
the related identity information (col. 7 lines 12 to 25). The identity information stored at 
the local servers is automatically updated when the information at the remote server is 
updated. Therefore, Gupta teaches synchronizing the local identity mapping store and 
the mapping with one or more additional local identity mapping stores. 

Gupta and Gabber are analogous art, as they are both related to locating and providing 
data, resources and services to users in a distributed network. At the time of invention, 
it would have been obvious to a person skilled in art to deploy the distributed directory 
service taught by Gupta in the system of Xiong in view of Gabber and Selvarajan to 
allow access to user authentication data in a distributed network. One motivation to do 
so would have been balancing the load of directory servers as suggested in Gupta col. 
18, line 3 to 47. 

7.2. As per claim 4, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 1 wherein the generating further 
includes assembling an aggregate identity configuration for the requestor from one or 
more authoritative identity stores before generating the temporarily assigned identity 
information (Gabber col. 7 line 1 to col. 9 line 65 shows that the substitute ID is 
generated from a universal user ID and password combined with site specific data. 
Therefore, Gabber stores a universal secret from an authoritative store before 
generating substitute IDs). 

7.3. As per claim 5, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 1 further comprising, removing the 
temporarily assigned identity information from the protected identity directory after 
detecting a terminating event that terminates the authenticity of the temporarily 
assigned identity information (Gupta col. 7 lines 12 to 25). 

7.4. As per claim 6, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 5 further comprising recycling a 
storage space occupied by the temporarily assigned identity information for use in a 
subsequent iteration of the method (re-use of the space previously occupied by deleted 
data is standard practice in computer systems). 

7.5. As per claims 7-9, Xiong in view of Gabber, further in view of Selvarajan, and 
further in view of Gupta is directed to the method of claim 1 further comprising: 
detecting dynamic changes made on at least a portion of the identity information, 
wherein the changes are detected within the protected identity directory; and 
synchronizing the temporarily assigned identity information and other local identity 
stores with the changes and logging the changes (see response to claim 3. It is well 
known in distributed directory systems to detect a change, update the information in the 
main and other local directory services and log the event). 

8. Limitations of claims 10-20, 22-24 are substantially the same as limitations of 
claims 1-9 above, and the following notes. 

8.1. Claim 17 requires the identity information to include a combination of an 
identification, a password, a certificate, a token, a biometric value, a hardware value, a 
network connection value, and a time value. Gabber col. 6 lines 59-67 show the identity 
information includes a password and a user name (an identity). Creation of an identity 
from a combination of elements was well-known in the art. Therefore, it would have 
been obvious to create an identity from a combination of a password and a user name, 
or other elements and attributes related to a user. The motivation would have been to 
make it more difficult to guess the identity. 

8.2. Claim 23 requires temporarily assigned identity information is randomly or 
deterministically generated. Per Gabber col. 7 lines 1-2, the character string used to 
generate the substitute ID is chosen randomly. 

8.3. Claim 29, now cancelled, requires the mapping is cached and accessible for 
subsequent uses. Gupta col. 11 lines 42 to 55 shows caching the data for subsequent 
use. 

8.4. Claim 10 requires removing the mapping between the identity configuration and 
temporary assigned identity when the request expires. As shown in rejection of claim 5 
above, removal of information associated with a session after the session is terminated 
is made obvious by Gupta's teaching in col. 7 lines 12 to 25. Therefore it would have 
been obvious to remove the mappings associated with the session, when the session is 
terminated. 

Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3739. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Farid Homayounmehr 
11/23/2008 